Data leaks are still common. Who is responsible for this? We asked about this in an opinion poll: you can find the answer here.
What is personal data and what has secure email to do with it
Most companies share data and keep sensitive personal information in their files. This can go from clients' or colleagues' names and date of birth to religion or health information. In short, a lot of data that identifies customers or employees. This data should be shared carefully and in an encrypted way, making sure it doesn't end up in the wrong hands.
However, what exactly is personal Identifiable Information? Should we protect ALL the data? Read on to find out more!
What is Personally Identifiable Information or personal data?
Personally identifiable information (“PII”) or personal data is defined by the U.S. department of labor as: any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
In short, personal data is data which helps to identify a person. Think of a name, date of birth or place of birth. A fact that can be linked to a person.
For example, if we look at email addresses, they are considered personally identifiable information, according to data protection laws such as the GDPR and CCPA. They give away important information about the person: name and company where they work. Let's say Jane.firstname.lastname@example.org indicates that Jane is employed at Company ABC. This email address can only be assigned to Jane and is therefore classified as personal data.
This is just an example, because it is not always that simple. It often concerns combinations of data, which ensure that they can be linked to a person.
Examples of Personally identifiable information are:
- First name and surname
- Email address
- Phone number
- Data of birth
- Social Security number
- IP address
- Tax identification number
- Credit card number
- Health information
- Copies of government-issued IDs
Can I send personally identifiable information data via email?
Yes, but with the right kind of security. Standard email is not secure enough. That is why it is important to use the appropriate security adjustments. When handling personal data via email, you should consider:
- Storage: Don't let this kind of information litter your inbox. Save it in the right place and then delete your email. It is also important to take into account regulations like the GDPR, that has rules regarding how long personal data may be stored.
- Encryption: Sensitive data should not be sent by regular email, as this does not offer a sufficient level of encryption. Instead, send such via secure messages, for example using a solution like SmartLockr.
- Multi-factor authentication: This ensures that sensitive information does not end up with the wrong person and that you thus have a data breach on your hands. The type of authentication you need depends on the information you have included in your message.
What is the impact of sending personal data insecurely?
The impact can be significant without even realizing it. While an email address is often “just” a given thing that is commonly known (or easy to search for), in some cases visibility can have unpleasant consequences.
For example, an HIV clinic in the UK once received a fine after all patients' email addresses were visible to all recipients. Instead of the bcc button, the cc button was used when sending out a newsletter. This caused every recipient to see to whom the newsletter was sent. So for those who had processed their name in the email address, it was a painful discovery.
If this kind of information leaks, the consequences can be enormous for those involved. Data can be used by malicious parties without noticing it. Identity fraud can then be a consequence: when a person pretends to be someone else, bank accounts can be opened, for example.
If you send personal data in an unsecure way, you are risking running into unpleasant surprises. In addition to the consequences for those involved, there are also fines for you as an organization, which can be 4% of the global annual turnover.
What do I need to securely send personal data digitally?
In a growing digital society there is an increasing need to be able to share personal data with colleagues, customers and partners. The public and private sectors exchange this kind of information on a daily basis. But of course this has to be done safely. How? Follow the step-by-step plan below and discover what you need. Do you want to be sure of error-free handling of the data within your organization? Download our free Whitepaper and learn how to outsmart a data breach.
Step 1: Assess the information
Assess which information you are processing is or may be sensitive. This includes personal data. But for many organizations, there are also other (company) data that should not fall into the wrong hands.
Step 2: What are the weaknesses in the communication chain?
Make a risk assessment and identify possible weaknesses in the communication. For example, do you send a fax? Then, it is impossible to be 100% sure that the intended recipient is at the fax machine when your message rolls out of the fax. A courier as an alternative? That seems like a great plan, but there is always the chance that they will deliver your documents to the wrong recipient.
Step 3: What is the appropriate solution?
Now that you know the risks, it is important to tackle them with the right solution. This is often a combination of a number of solutions. Appointing people responsible for security is a first option. But continuous training of your employees is also part of this. A very useful way to get your cyber security in order is to implement digital solutions that help you with encryption, authentication, storage and so on.
At SmartLockr, we are committed to protecting all of your sensitive data - from personal data to business information. With our solution, you get an easy-to-use and compliant platform for secure emailing and file sharing. We are happy to help you on your way to cybersecurity! Learn more about how to protect your organization from data breaches in our eBook. You can download this below.